Comment sought on Oracle agreement spurred by FTC complaint

Agreement targets 850 million users

The proposed agreement would require Oracle to provide 850 million users with the ability to uninstall older versions of Java SE as well as provide more notification to its Java SE users. The company must notify users during the update process of any old copies of Java SE still in the system, explaining the risk posed by the older versions and informing users on how to get rid of the earlier versions of the software.

Interested parties can send in comments electronically about the proposed settlement.

Additionally, the proposed agreement extends beyond Java SE to "any other software offered by Oracle directly to consumers to run programs on their computers or applications within a browser. [It] does not include software offered exclusively for developers or enterprises." In other words, the agreement will cover everything run on personal computers but not software for developers or enterprise use.

The update process in question allegedly didn't remove versions of Java SE prior to version 6 update 10. Earlier versions of Java SE contain significant security holes that left the system open to malware and phishing. Oracle didn't inform its users that updating Java SE would not remove earlier versions that may be security risks, the FTC complaint said.

Further, Oracle has been aware of the security problems in early versions of Java SE since 2010, when it bought Java, according to the complaint. The FTC also alleged that Oracle has been aware of the inadequacy of its update process since 2011. For failing to disclose this information to its users, the FTC said Oracle had violated Section 5 of the Federal Trade Commission Act, which covers "unfair or deceptive acts and practices."